Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 - - PDF document




Objectives

  • After reading this chapter and completing the exercises, you will be able to:
    – Describe port scanning and types of port scans
    – Describe port-scanning tools
    – Explain what ping sweeps are used for
    – Explain how shell scripting is used to automate security tasks

Introduction to Port Scanning

  • What is a Port?
    – A logical address at which a computer accepts application-specific communications

  • What is Port Scanning?
    – The enumeration of ports that a target system self-identifies as open and responsive to communications

  • What are the Risks Associated with Open / Unused Ports?
    – Any port the system is listening on can be used to fingerprint the OS or potentially to exploit the system
    – Always scan all valid port ranges, not just the well-known range

  • What are the Legitimate Uses for Port Scanning?
    – To identify and verify security configurations

  • Port-scanning programs report:
    – Open ports
    – Closed ports
    – Filtered ports
    – Best-guess running OS

Types of Port Scans

  • SYN scan (stealthy scan)
  • Connect scan (completes the three-way handshake)
  • NULL scan (all packet flags are turned off)
  • XMAS scan (FIN, PSH and URG flags are set)
  • ACK scan (used to get past a firewall)
  • FIN scan (a closed port responds with an RST packet)
  • UDP scan (a closed port responds with an ICMP "Port Unreachable" message)

Using Port-Scanning Tools

  • Port-scanning tools
    – Hundreds available


  • Many are open source or free
    – Not all are accurate
  • Be familiar with a variety
  • Practice often
    – Many CLI or GUI options to learn before you become competent
    – Choose one and stick with it for best results

  • Example tools include:
    – Nmap
    – Unicornscan
    – Nessus and OpenVAS

Unicornscan

  • Developed to assist with large network tests
    – Ideal for large-scale endeavors
    – Scans 65,535 ports in three to seven seconds
  • Handles port scanning using:
    – TCP
    – ICMP
    – IP

  • Optimizes UDP scanning
  • Open Source
  • Runs on several *nix variants

Nessus and OpenVAS

  • Nessus
    – First released in 1998
    – No longer under a GPL license
    – Still available for download
    – Home edition is still available for free (limited capabilities)
    – Installed on your Attacker VM
  • OpenVAS
    – Open-source fork of Nessus
    – Performs complex queries while the client interfaces with the server
    – Capable of updating security check plug-ins
    – Security test programs (scripts)
    – Available in VM and Live CD versions

  • OpenVAS GUI overview

Conducting Ping Sweeps

  • Purpose:
    – Identify which IP addresses belong to active hosts
  • Ping a range of IP addresses
  • Problems:
    – Shut-down computers cannot respond
    – Networks may be configured to block ICMP Echo Requests
    – Firewalls may filter out ICMP traffic

FPing

  • Pings multiple IP addresses simultaneously
  • Accepts a range of IP addresses
    – Entered at a command prompt
    – From a file containing multiple IP addresses
  • Input file
    – Usually created with a shell-scripting language

Hping

  • Used to:
    – Perform ping sweeps
    – Bypass filtering devices
  • Allows users to inject modified IP packets
  • Powerful tool
    – All security testers must be familiar with the tool
    – Supports many parameters, including spoofing the source, setting raw mode, fragmentation, and TCP and UDP payloads (not just the ICMP protocol)

Crafting IP Packets

  • Packet components
    – Source IP address
    – Destination IP address
    – Flags
  • Helps obtain information about a service
  • Tools:
    – Hping
    – Fping
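The scan types listed earlier in the chapter are each defined by the TCP flags set in the probe (SYN only, no flags, FIN+PSH+URG, FIN only, ACK only), and the flags are exactly the packet component named here. The following added example, which is not from the textbook, shows the defender's side of that definition: it maps flag combinations to the chapter's scan names and counts how many distinct ports each source touched, which is the usual signal for spotting a scan in connection logs. The log format (`src dst dport flags`, with `-` meaning no flags) and the sample lines are constructed for this example; a SYN-only probe cannot be told apart from the start of a connect scan on a single packet, and ACK-only segments are also normal mid-connection traffic, so the port-count threshold does the real work.

```python
"""Classify TCP probes by flag combination and flag sources that look like port scanners.

Added example, not from the textbook. Flag signatures follow the chapter's list of
scan types; the log format and SAMPLE_LOG lines are constructed for this example.
"""
from collections import defaultdict

# Flag letters: S=SYN, A=ACK, F=FIN, P=PSH, U=URG, R=RST; "-" means no flags set.
SCAN_SIGNATURES = {
    frozenset("S"): "SYN scan",     # SYN only (looks the same as the first packet of a connect scan)
    frozenset(): "NULL scan",       # all flags turned off
    frozenset("FPU"): "XMAS scan",  # FIN, PSH and URG set
    frozenset("F"): "FIN scan",     # FIN only
    frozenset("A"): "ACK scan",     # ACK only: also ordinary in-connection traffic, so needs the threshold below
}

# Constructed sample: one SYN scanner, one XMAS scanner, one normal client talking to port 443.
SAMPLE_LOG = """\
10.0.0.5 192.168.1.10 22 S
10.0.0.5 192.168.1.10 25 S
10.0.0.5 192.168.1.10 80 S
10.0.0.5 192.168.1.10 443 S
10.0.0.5 192.168.1.10 3306 S
10.0.0.5 192.168.1.10 8080 S
10.0.0.9 192.168.1.10 21 FPU
10.0.0.9 192.168.1.10 23 FPU
10.0.0.9 192.168.1.10 139 FPU
192.168.1.20 192.168.1.10 443 S
192.168.1.20 192.168.1.10 443 A
192.168.1.20 192.168.1.10 443 PA
"""


def classify(flags):
    """Map a flag string such as 'S', 'FPU' or '-' to one of the chapter's scan types, else 'other'."""
    flag_set = frozenset() if flags == "-" else frozenset(flags.upper())
    return SCAN_SIGNATURES.get(flag_set, "other")


def parse_log(text):
    """Parse 'src dst dport flags' lines into records; blank lines and '#' comments are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, flags = line.split()
        records.append({"src": src, "dst": dst, "dport": int(dport), "scan": classify(flags)})
    return records


def detect_scanners(records, port_threshold=5):
    """Return sources whose scan-like probes hit at least port_threshold distinct (dst, port) pairs."""
    per_src = defaultdict(lambda: {"ports": set(), "types": set()})
    for r in records:
        if r["scan"] == "other":
            continue
        per_src[r["src"]]["ports"].add((r["dst"], r["dport"]))
        per_src[r["src"]]["types"].add(r["scan"])
    return {
        src: {"ports": len(info["ports"]), "types": info["types"]}
        for src, info in per_src.items()
        if len(info["ports"]) >= port_threshold
    }


if __name__ == "__main__":
    for src, info in detect_scanners(parse_log(SAMPLE_LOG), port_threshold=3).items():
        print(f"{src}: {info['ports']} ports probed, {', '.join(sorted(info['types']))}")
```

With the threshold at 3 both 10.0.0.5 (SYN scan, 6 ports) and 10.0.0.9 (XMAS scan, 3 ports) are reported; the client at 192.168.1.20 only ever touches one port, so its SYN and ACK segments never cross the threshold. Raising the threshold to 5 leaves only the SYN scanner, which is the trade-off between catching small scans and tolerating ordinary traffic.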

Understanding Scripting

  • Modify tools to better suit your needs
  • Customized scripts
    – Automate tasks
    – Save time
    – Require basic programming skills
  • PHP
  • Shell
  • PowerShell
  • Visual Basic
  • C#
  • C++
  • Etc.

Scripting Basics

  • Similar to DOS batch programming
  • Script or batch file
    – Text file
    – Contains multiple commands
  • Repetitive commands
    – Good candidate for scripting
  • Practice is the key
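The FPing section says its input file is usually created with a script, and this section says repetitive bookkeeping is the natural thing to script. The following added example, which is not part of the textbook and not part of fping, does both halves of that job for a ping sweep: it expands a network into the one-address-per-line file that `fping -f` reads, parses fping's per-host `is alive` / `is unreachable` output into live and non-responding lists, and compares the live list against an authorized inventory so unexpected hosts stand out. The output lines and the inventory are constructed for this example. Because a host that does not answer may be powered off or may simply have ICMP Echo Requests blocked, as the ping-sweep slide warns, the parser labels such hosts `no_reply` rather than `down`.

```python
"""Ping-sweep automation: build an fping input file and summarise fping output.

Added example, not from the textbook or from fping. SAMPLE_FPING_OUTPUT is
constructed in fping's usual "<addr> is alive" / "<addr> is unreachable" format.
"""
import ipaddress
from pathlib import Path

# Constructed fping output; the last line mimics fping's ICMP error reporting and is ignored.
SAMPLE_FPING_OUTPUT = """\
192.168.1.1 is alive
192.168.1.2 is unreachable
192.168.1.10 is alive
192.168.1.11 is unreachable
ICMP Host Unreachable from 192.168.1.1 for ICMP Echo sent to 192.168.1.2
"""

# Constructed authorized inventory for the example network.
AUTHORIZED_HOSTS = ["192.168.1.1", "192.168.1.11"]


def expand_range(cidr):
    """Usable host addresses of a network (network and broadcast excluded), e.g. 254 for a /24."""
    return [str(h) for h in ipaddress.ip_network(cidr, strict=False).hosts()]


def write_fping_input(cidr, path):
    """Write one address per line, the format fping reads with: fping -f <path>. Returns the count."""
    hosts = expand_range(cidr)
    Path(path).write_text("\n".join(hosts) + "\n")
    return len(hosts)


def parse_fping_output(text):
    """Split fping output into live hosts and hosts that gave no reply.

    No reply does not prove the host is down: it may be powered off, or ICMP may be
    blocked by the host or a firewall, so the bucket is named 'no_reply', not 'down'.
    """
    live, no_reply = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        addr, status = parts[0], " ".join(parts[1:3])
        if status == "is alive":
            live.append(addr)
        elif status == "is unreachable":
            no_reply.append(addr)
    return {"live": live, "no_reply": no_reply}


def unexpected_hosts(live, inventory):
    """Live addresses absent from the authorized inventory: candidates for investigation."""
    return sorted(set(live) - set(inventory))


if __name__ == "__main__":
    count = write_fping_input("192.168.1.0/24", "fping_hosts.txt")  # then: fping -f fping_hosts.txt > sweep.txt
    result = parse_fping_output(SAMPLE_FPING_OUTPUT)
    print(f"{count} addresses written to fping_hosts.txt")
    print(f"live: {result['live']}")
    print(f"no reply: {result['no_reply']}")
    print(f"not in inventory: {unexpected_hosts(result['live'], AUTHORIZED_HOSTS)}")
```

Run stand-alone it writes the 254-address input file for 192.168.1.0/24 and, on the constructed output, reports 192.168.1.10 as live but not in the inventory, while 192.168.1.11 is inventoried but gave no reply. In practice the sweep output would come from `fping -f fping_hosts.txt` redirected to a file and read in place of the constructed sample.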

Summary

  • Port scanning (i.e., service scanning)
    – Scanning a range of IP addresses
    – Determines running services
  • Port scan types
    – SYN
    – ACK
    – FIN
  • Port-scanning tools
    – Nmap
    – Nessus
    – OpenVAS
    – Unicornscan
  • Ping sweeps
    – Determine which computers are "live"


  • Scripts
    – Automate time-consuming tasks